Skip to main content

Last Call Review of draft-ietf-dtn-bpsec-default-sc-07
review-ietf-dtn-bpsec-default-sc-07-genart-lc-fossati-2021-05-25-00

Request Review of draft-ietf-dtn-bpsec-default-sc
Requested revision No specific revision (document currently at 11)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2021-06-01
Requested 2021-05-18
Authors Edward J. Birrane , Alex White , Sarah Heiner
I-D last updated 2021-05-25
Completed reviews Secdir Early review of -02 by Christian Huitema (diff)
Genart Last Call review of -07 by Thomas Fossati (diff)
Secdir Last Call review of -07 by Christian Huitema (diff)
Assignment Reviewer Thomas Fossati
State Completed
Request Last Call review on draft-ietf-dtn-bpsec-default-sc by General Area Review Team (Gen-ART) Assigned
Posted at https://mailarchive.ietf.org/arch/msg/gen-art/Pi2b54tlo8qIbJTVJfuQbzV3fj0
Reviewed revision 07 (document currently at 11)
Result Ready w/nits
Completed 2021-05-25
review-ietf-dtn-bpsec-default-sc-07-genart-lc-fossati-2021-05-25-00
I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

<https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.

Document: draft-ietf-dtn-bpsec-default-sc-??
Reviewer: Thomas Fossati
Review Date: 2021-05-25
IETF LC End Date: 2021-06-01
IESG Telechat date: Not scheduled for a telechat

Summary:

This document defines two default security contexts (clear-text integrity and
authenticated encryption) for the BPSec protocol.  The raison d'ĂȘtre of this
specification is to provide basic security services for interop testing and
operational use on the terrestrial Internet.

This is a very well written document.  I have checked the CBOR examples and
they look good (as noted in the Nits section below, the use of CBOR Sequences
might be more explicitly indicated.)  The requests to IANA are clear and
actionable.

(Just a note: in my experience as an implementer -- albeit not of this
particular security protocol -- I have found that relying on canonicalisation
tends to make interop an arcane job.  I trust the DTN people have weighed their
pro and cons and made this choice consciously.)

Major issues: None

Minor issues: None

Nits/editorial comments:

* The references to Table 7 of RFC8152 might be replaced by references to Table
3. of draft-ietf-cose-rfc8152bis-algs (now in RFC-Ed queue) * The references to
Table 9 of RFC8152 might be replaced by references to Table 5. of
draft-ietf-cose-rfc8152bis-algs * In Section 5.1, the name of the registry
should be "BPSec Security Context Identifiers" (plural "Identifiers") * Since
the document examples make use of CBOR Sequences, it'd be worth stating that in
the relevant places (e.g., A.1.3.2) -- and maybe sticking a reference to
RFC8742.